Online spending is poised to reach an unprecedented $143.7 billion this holiday season. This is a 14% increase from 2018. When surveyed, 57% of consumers say they plan to use a credit or debit card to make holiday purchases.

Close to 41% of consumers plan to buy internet of things (IoT) devices this holiday season such as Amazon’s Alexa or Google Home. IoT devices are vulnerable to attack by criminals.

In anticipation of the holiday spending frenzy, consumers can expect to see more emails from businesses trying to earn consumers’ attention. However, cybercriminals are also particularly active this time of year.

Phishing attacks increasingly sophisticated

The days of the Nigerian prince scam are over. Cybercriminals are doing their homework, researching potential victims through past data breaches at retailers and other large companies. Criminals send tailored phishing emails that look like a real greeting card, package shipment notice, or offer of a discount in an attempt to lure potential victims. This technique is known as social engineering.

Phishing scams are designed to steal victims’ data by entering financial or login information in a fraudulent site.

Bots outnumber holiday shoppers

Human shoppers usually outnumber online shopping bots 2:1. During the holiday season, bots vastly outnumber human shoppers by 20:1. The majority of these bots are seeking to buy limited supply items in order to resell them at a higher price. However, many are designed to brute force their way into consumers’ accounts in order to steal digital currency and conduct credit card fraud.

How to stay safe during the holidays

Avoid shopping from third-party sites. The site could be run by scalpers, or be a scam. On retail websites, look for a green lock in the address bar. This means that the site’s traffic is encrypted. Consumers should scrutinize their credit card bills for fraudulent charges.

If you suspect that you have received a phishing email, contact the company through an email address or phone number you can trust to verify the email is legitimate. Users should avoid clicking any links or entering any personal information into unsolicited emails.